Denial of Service attack Messages Constantly
Jerry Benton
jerry.benton at mailborder.com
Wed Aug 24 14:01:20 UTC 2016
Ok, as far as permissions go … I addressed this issue in v5. The
installer creates a group called mtagroup. You MTA, virus scanners,
etc should be added to this group automatically. However, you should
confirm those accounts are members of that group. IF you add extra
virus scanners, add those system users to the mtagroup.
Next, the “Run As User” is dependent on what MTA and virus scanners
you are using, but this is not as important as the next item.
What is very important is that the “Run As Group” should be mtagroup
and the permissions should be 0660 in your config. By default this is
what ships with v5. If you changed it or used your old config, well …
that is on you. By using mtagroup and 0660 nothing will have any
permissions issues.
If you need a reference to the defaults, it is here:
https://github.com/MailScanner/v5/blob/master/common/etc/MailScanner/MailScanner.conf
-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245
-----Original Message-----
From: Andy Southgate <andy at z00b.com>
Reply: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Date: August 24, 2016 at 9:36:01 AM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: RE: Denial of Service attack Messages Constantly
> can confirm, added that, restarted MailScanner service and still get errors
>
> -----Original Message-----
> From: MailScanner [mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info]
> On Behalf Of Azir Güleroglu
> Sent: 23 August 2016 12:07
> To: MailScanner Discussion
> Subject: RE: Denial of Service attack Messages Constantly
>
> I added this block to limits.conf but still our customers get same errors.
>
> Azir Guleroglu
>
>
> -----Original Message-----
> From: MailScanner [mailto:mailscanner-bounces+azir.guleroglu=turknet.net.tr at lists.mailscanner.info]
> On Behalf Of Jerry Benton
> Sent: Monday, August 22, 2016 7:51 PM
> To: MailScanner Discussion
> Subject: Re: Denial of Service attack Messages Constantly
>
> When I see this happen it is usually related to /etc/security/limits.conf
>
> The old MailScanner code tried to silently increase the limits. This feature has been
> removed. Add this to /etc/security/limits.conf to try and resolve the issue:
>
>
> * hard nofile 65535
> * soft nofile 65535
> root hard nofile 65535
> root soft nofile 65535
>
>
>
>
> -
> Jerry Benton
> www.mailborder.com
> +1 - 844-436-6245
>
>
> -----Original Message-----
> From: Steven Jardine
> Reply: MailScanner Discussion
> Date: August 22, 2016 at 10:29:54 AM
> To: MailScanner Discussion
> Subject: Re: Denial of Service attack Messages Constantly
>
> > I can confirm this behavior....the error code that I was getting was
> > 13 which is a permission denied error. Unfortunately, it was happening
> > too often on legitimate mail that I had to turn off the feature.
> >
> > I would really like to determine the cause....
> >
> > On 08/22/2016 08:15 AM, Andy Southgate wrote:
> > >
> > > It still happens for me, AFAIK all that was worked out was that for
> > > some reason there is an intermittant permission problem that
> > > occasionally causes the spawned child process to fail to run causing
> > > that error on the message, but there was never any insight as to why
> > > that should be.
> > >
> > > *From:*MailScanner
> > > [mailto:mailscanner-bounces+andy=z00b.com at lists.mailscanner.info]
> > > *On Behalf Of *Aaron Pursell
> > > *Sent:* 22 August 2016 15:01
> > > *To:* mailscanner at lists.mailscanner.info
> > > *Subject:* Re: Denial of Service attack Messages Constantly
> > >
> > > I read pretty much every message and tried everything, most of those
> > > messages are years old and it appears it was fixed and now in the
> > > new version is the first time I'm experiencing them in many, many
> > > years, the fixes worked originally back in a way older versiona.
> > > Nothing really changed except the fact there's this new version, too
> > > bad it only happens to legitimate messages and not spam.... So who knows.
> > > I'll continue to look, the log really never says anything specific.
> > > I
> > >
> > > ---
> > >
> > >
> > >
> > > Regards,
> > >
> > > Aaron
> > >
> > >
> > > Message: 1
> > > Date: Fri, 19 Aug 2016 08:26:31 -0600
> > > From: Steven Jardine > > >
> > > To: MailScanner Discussion > > >
> > > Subject: Re: Denial of Service attack Messages Constantly
> > > Message-ID: <9dbfad5c-651a-3a7f-e9c8-2c623adf51c1 at mjnservices.com
> > > >
> > > Content-Type: text/plain; charset=windows-1252; format=flowed
> > >
> > > I still haven't found a good solution to this even after trying all
> > > of the suggestions posted on the previous threads. If turn off
> > > "Dangerous Content Scanning" the error goes away but you lose that functionality.
> > >
> > > I have had to disable it until a solution can be found. Its not ideal.
> > >
> > > Good luck!
> > > Steve
> > >
> > > On 08/18/2016 04:43 PM, Mark Sapiro wrote:
> > >
> > > On 08/18/2016 08:49 AM, Aaron Pursell wrote:
> > >
> > >
> > > The problem is, my users and I keep getting messages like this:
> > >
> > > "
> > >
> > > MailScanner was attacked by a Denial Of Service attack, and has
> > > therefore deleted this part of the message. Please contact your
> > > e-mail providers for more information if you need it, giving them
> > > the whole of this report. Attack in:
> > > /var/spool/MailScanner/incoming/12835/78C9F481B0DA.ACDF4/nmsg-12835-2.html"
> > >
> > >
> > > The path doesn't exist when you look and the message never gets
> > > delivered. What can I turn off or adjust to make sure this doesn't
> > > happen?
> > >
> > >
> > > What's in the Mail log associated with this?
> > >
> > > There's a long thread on this with Subject: Denial Of Service Attack
> > > Messages in the archives of this list at
> > >
> > > and
> > >
> > > which may be helpful.
> > >
> > >
> > >
> > >
> > > IMPORTANT: This email does not constitute a contract or an offer or
> > > acceptance of an offer to enter into a contract. Further, this email
> > > may not be used to modify, supplement, novate, or waive any rights
> > > with respect to an existing contract or other binding commercial
> > > terms. MJN Services, Inc. conducts business under our service terms
> > > and conditions found at www.mjnservices.com unless otherwise agreed
> > > to in writing by an officer of MJN Services, Inc.
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Message: 2
> > > Date: Fri, 19 Aug 2016 09:30:29 -0500
> > > From: Jerry Benton > > >
> > > To: MailScanner Discussion > > >
> > > Subject: Re: Denial of Service attack Messages Constantly
> > > Message-ID:
> > > > > >
> > > Content-Type: text/plain; charset=UTF-8
> > >
> > > Steve,
> > >
> > > Can you zip the raw source of a message (the file) that triggers
> > > this and email it directly to me?
> > >
> > >
> > > -
> > > Jerry Benton
> > > www.mailborder.com
> > > +1 - 844-436-6245
> > >
> > >
> > > -----Original Message-----
> > > From:?Steven Jardine > > >
> > > Reply:?MailScanner Discussion > > >
> > > Date:?August 19, 2016 at 10:27:05 AM To:?MailScanner Discussion > >
> > > > Subject:? Re: Denial of Service attack Messages Constantly
> > >
> > > I still haven't found a good solution to this even after trying all
> > > of the suggestions posted on the previous threads. If turn off
> > > "Dangerous Content Scanning" the error goes away but you lose that functionality.
> > >
> > > I have had to disable it until a solution can be found. Its not ideal.
> > >
> > > Good luck!
> > > Steve
> > >
> > > On 08/18/2016 04:43 PM, Mark Sapiro wrote:
> > >
> > > On 08/18/2016 08:49 AM, Aaron Pursell wrote:
> > >
> > >
> > > The problem is, my users and I keep getting messages like this:
> > >
> > > "
> > >
> > > MailScanner was attacked by a Denial Of Service attack, and has
> > > therefore deleted this part of the message. Please contact your
> > > e-mail providers for more information if you need it, giving them
> > > the whole of this report. Attack in:
> > > /var/spool/MailScanner/incoming/12835/78C9F481B0DA.ACDF4/nmsg-12835-2.html"
> > >
> > >
> > > The path doesn't exist when you look and the message never gets
> > > delivered. What can I turn off or adjust to make sure this doesn't
> > > happen?
> > >
> > >
> > > What's in the Mail log associated with this?
> > >
> > > There's a long thread on this with Subject: Denial Of Service Attack
> > > Messages in the archives of this list at
> > >
> > > and
> > >
> > > which may be helpful.
> > >
> > >
> > >
> > >
> > > IMPORTANT: This email does not constitute a contract or an offer or
> > > acceptance of an offer to enter into a contract. Further, this email
> > > may not be used to modify, supplement, novate, or waive any rights
> > > with respect to an existing contract or other binding commercial
> > > terms. MJN Services, Inc. conducts business under our service terms
> > > and conditions found at www.mjnservices.com unless otherwise agreed
> > > to in writing by an officer of MJN Services, Inc.
> > >
> > >
> > >
> > > --
> > > MailScanner mailing list
> > > mailscanner at lists.mailscanner.info
> > >
> > > http://lists.mailscanner.info/listinfo/mailscanner
> > >
> > >
> > >
> > > ------------------------------
> > >
> > > Subject: Digest Footer
> > >
> > >
> > >
> > > --
> > > MailScanner mailing list
> > > mailscanner at lists.mailscanner.info
> > >
> > > http://lists.mailscanner.info/listinfo/mailscanner
> > >
> > >
> > > ------------------------------
> > >
> > > End of MailScanner Digest, Vol 128, Issue 16
> > > ********************************************
> > >
> > >
> > > --
> > > This message has been scanned for viruses and dangerous content by
> > > *MailScanner* , and is believed to be clean.
> > >
> > >
> > >
> > >
> >
> >
> >
> > IMPORTANT: This email does not constitute a contract or an offer or
> > acceptance of an offer to enter into a contract. Further, this email
> > may not be used to modify, supplement, novate, or waive any rights
> > with respect to an existing contract or other binding commercial
> > terms. MJN Services, Inc. conducts business under our service terms
> > and conditions found at www.mjnservices.com unless otherwise agreed to in writing
> by an officer of MJN Services, Inc.
> >
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/listinfo/mailscanner
> >
> >
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
> ________________________________
>
> Bu elektronik posta ve onunla iletilen bütün dosyalar sadece göndericisi tarafından
> alması amaçlanan yetkili gerçek ya da tüzel kişinin kullanımı içindir. Eğer söz konusu
> yetkili alıcı değilseniz bu elektronik postanın içeriğini açıklamanız, kopyalamanız,
> yönlendirmeniz ve kullanmanız kesinlikle yasaktır ve bu elektronik postayı derhal
> silmeniz gerekmektedir. TurkNet bu mesajın içerdiği bilgilerin doğruluğu veya eksiksiz
> olduğu konusunda herhangi bir garanti vermemektedir. Bu nedenle bu bilgilerin ne şekilde
> olursa olsun içeriğinden, iletilmesinden, alınmasından ve saklanmasından sorumlu
> değildir. Bu mesajdaki görüşler yalnızca gönderen kişiye aittir ve TurkNet'in görüşlerini
> yansıtmayabilir. Bu e-posta bilinen bütün bilgisayar virüslerine karşı taranmıştır.
> ________________________________________
> This e-mail and any files transmitted with it are confidential and intended solely for
> the use of the individual or entity to whom they are addressed. If you are not the intended
> recipient you are hereby notified that any dissemination, forwarding, copying or use
> of any of the information is strictly prohibited, and the e-mail should immediately
> be deleted. TurkNet makes no warranty as to the accuracy or completeness of any information
> contained in this message and hereby excludes any liability of any kind for the information
> contained therein or for the information transmission, reception, storage or use of
> such in any way whatsoever. The opinions expressed in this message belong to sender alone
> and may not necessarily reflect the opinions of TurkNet. This e-mail has been scanned
> for all known computer viruses.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
More information about the MailScanner
mailing list